Skip to content

Commit e9f70c6

Browse files
enocomenocom
authored
feat: add bullseye container (GoogleCloudPlatform#147)
1 parent 9aa33f4 commit e9f70c6

File tree

4 files changed

+101
-1
lines changed

4 files changed

+101
-1
lines changed

.build/bullseye.yaml

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
# Copyright 2022 Google LLC
2+
#
3+
# Licensed under the Apache License, Version 2.0 (the "License");
4+
# you may not use this file except in compliance with the License.
5+
# You may obtain a copy of the License at
6+
#
7+
# http://www.apache.org/licenses/LICENSE-2.0
8+
#
9+
# Unless required by applicable law or agreed to in writing, software
10+
# distributed under the License is distributed on an "AS IS" BASIS,
11+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
# See the License for the specific language governing permissions and
13+
# limitations under the License.
14+
15+
steps:
16+
- name: gcr.io/cloud-builders/docker
17+
args:
18+
- run
19+
- '--privileged'
20+
- 'linuxkit/binfmt:v0.7'
21+
id: 'initialize-qemu'
22+
- name: gcr.io/cloud-builders/docker
23+
args:
24+
- buildx
25+
- create
26+
- '--name'
27+
- multiarch-builder
28+
id: 'create-builder'
29+
- name: gcr.io/cloud-builders/docker
30+
args:
31+
- buildx
32+
- use
33+
- multiarch-builder
34+
id: 'select-builder'
35+
- name: gcr.io/cloud-builders/docker
36+
args:
37+
- buildx
38+
- inspect
39+
- '--bootstrap'
40+
id: 'show-target-build-platforms'
41+
- name: 'gcr.io/cloud-builders/docker'
42+
args:
43+
- 'buildx'
44+
- 'build'
45+
- '--platform'
46+
- $_DOCKER_BUILDX_PLATFORMS
47+
- '--tag=gcr.io/$PROJECT_ID/gce-proxy:${_VERSION}-bullseye'
48+
- '--tag=us.gcr.io/$PROJECT_ID/gce-proxy:${_VERSION}-bullseye'
49+
- '--tag=eu.gcr.io/$PROJECT_ID/gce-proxy:${_VERSION}-bullseye'
50+
- '--tag=asia.gcr.io/$PROJECT_ID/gce-proxy:${_VERSION}-bullseye'
51+
- '-f=Dockerfile.bullseye'
52+
- '--push'
53+
- '.'
54+
id: 'build-multi-architecture-container-image'
55+
options:
56+
env:
57+
- DOCKER_CLI_EXPERIMENTAL=enabled
58+
substitutions:
59+
_DOCKER_BUILDX_PLATFORMS: 'linux/amd64,linux/arm64'

.build/release_artifacts.sh

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,8 +38,9 @@ fi
3838

3939
# Build and push the container images
4040
gcloud builds submit --async --config .build/default.yaml --substitutions _VERSION=$VERSION
41-
gcloud builds submit --async --config .build/buster.yaml --substitutions _VERSION=$VERSION
4241
gcloud builds submit --async --config .build/alpine.yaml --substitutions _VERSION=$VERSION
42+
gcloud builds submit --async --config .build/buster.yaml --substitutions _VERSION=$VERSION
43+
gcloud builds submit --async --config .build/bullseye.yaml --substitutions _VERSION=$VERSION
4344

4445
# Build the binarys and upload to GCS
4546
gcloud builds submit --config .build/gcs_upload.yaml --substitutions _VERSION=$VERSION

Dockerfile.bullseye

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
# Copyright 2022 Google LLC
2+
#
3+
# Licensed under the Apache License, Version 2.0 (the "License");
4+
# you may not use this file except in compliance with the License.
5+
# You may obtain a copy of the License at
6+
#
7+
# http://www.apache.org/licenses/LICENSE-2.0
8+
#
9+
# Unless required by applicable law or agreed to in writing, software
10+
# distributed under the License is distributed on an "AS IS" BASIS,
11+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
# See the License for the specific language governing permissions and
13+
# limitations under the License.
14+
15+
# Use the latest stable golang 1.x to compile to a binary
16+
FROM --platform=$BUILDPLATFORM golang:1 as build
17+
18+
WORKDIR /go/src/alloydb-auth-proxy
19+
COPY . .
20+
21+
ARG TARGETOS
22+
ARG TARGETARCH
23+
24+
RUN go get ./...
25+
RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
26+
go build -ldflags "-X main.metadataString=container.bullseye"
27+
28+
# Final stage
29+
FROM debian:bullseye
30+
RUN apt-get update && apt-get install -y ca-certificates
31+
# Install fuse and allow enable non-root users to mount
32+
RUN apt-get update && apt-get install -y fuse && sed -i 's/^#user_allow_other$/user_allow_other/g' /etc/fuse.conf
33+
# Add a non-root user matching the nonroot user from the main container
34+
RUN groupadd -g 65532 -r nonroot && useradd -u 65532 -g 65532 -r nonroot
35+
# Set the uid as an integer for compatibility with runAsNonRoot in Kubernetes
36+
USER 65532
37+
38+
COPY --from=build --chown=nonroot /go/src/alloydb-auth-proxy/alloydb-auth-proxy /alloydb-auth-proxy
39+
ENTRYPOINT ["/alloydb-auth-proxy"]

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -138,6 +138,7 @@ currently supported:
138138
* `$VERSION-alpine` - uses [`alpine:3`](https://hub.docker.com/_/alpine) as a
139139
base image
140140
* `$VERSION-buster` - uses [`debian:buster`](https://hub.docker.com/_/debian) as
141+
* `$VERSION-bullseye` - uses [`debian:bullseye`](https://hub.docker.com/_/debian) as
141142
a base image
142143

143144
We recommend using the latest version of the proxy and updating the version

0 commit comments

Comments
 (0)